Logger Report Results is empty
I try create report in logger this is step and i dont have results in report like i have results in the query in logger, please help me.
1. step: Results in the logger
2. step create report and query
3. step: Preview this report in same time and same devices
4. step : Result is empty. I must have one result
Please that is wrong !
What time did the events come to Logger?
Can you adjust your report time to cover that time span (event.arc_endTime) and not events.arc_eventTime?
And see what happens?
Is the disk space available on Logger. Please also check if the logger might hung, we did face same issue in our case logger was hung and we were receiving empty report.
I am also facing the same issue and unable to get the report generated from arcsight logger with admin account.
Tried all types of report options but not giving any log output but the same log is available in the log analyzer. It is the fresh install and done on two different servers with the same issue. Either I might missed some step or there is something wrong with installer.
In the search it looks like you are selecting certain device groups, while in your report it looks like you are selecting different devices. It also looks like you are selecting eventTime in the report but deviceReceiptTime in the search.
Did these events come into Logger as they happened? Or were they loaded later? You may be seeing different timestamps.
Try to NOT select any device groups, and no devices, and open the report times to when the events came into Logger. If the event is in there, there is no reason it cannot appear in a report.
In My case I am sending the syslogs by using smart connectors to the arcsight logger server directly. I can browse those events in the analyzer tab but when I try to generate report out of it, itz empty.
There are many failed login attempts in the events which I can search but it does not come in report.